<?php
//written by: Muenge Loundu
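session_start();
require_once 'php_includes.php';

/*
 * Stores the message submitted by the logged-in manager: a row is inserted
 * into Messages when the user has none yet, otherwise the existing message
 * is overwritten.
 */

// Access control. Both helpers come from php_includes.php and are assumed to
// end the request themselves when the check fails -- TODO confirm, because
// nothing below re-checks the session before writing to the database.
checkLogin();
checkManager();

// NOTE(review): this request changes stored data and no anti-CSRF token is
// verified in this file; confirm whether the included helpers cover that.

// Read the submitted message. A missing or non-string field (for example
// set[]=x, which PHP turns into an array) is treated as an empty message
// instead of raising notices or reaching the string functions as an array.
$set = (isset($_POST['set']) && is_string($_POST['set'])) ? $_POST['set'] : '';

sqlConnect();

// Escape with the connection-aware routine of the mysql extension this file
// already uses (mysql_num_rows). The earlier addslashes() call is not aware of
// the connection character set, and stripping ';' only corrupted legitimate
// text without making the query safer.
// Assumes sqlConnect() opens the default mysql_* link -- TODO confirm.
// NOTE(review): ext/mysql no longer exists in PHP 7+; prepared statements via
// mysqli or PDO are the durable fix once the sql* helpers can be changed.
$userSql = mysql_real_escape_string((string) $_SESSION['tmsUserID']);
$setSql  = mysql_real_escape_string($set);

$checkUser = sqlQuery('SELECT Message FROM Messages WHERE User = \'' . $userSql . '\'');
$result = mysql_num_rows($checkUser);

if ($result > 0) {
    // The user already has a message (possibly duplicated by older code):
    // overwrite it rather than inserting yet another row.
    // $dbname is not defined in this file; presumably set by php_includes.php.
    $sql = 'UPDATE `' . $dbname . '`.`Messages` SET `Message` = \'' . $setSql
         . '\' WHERE User = \'' . $userSql . '\'';
} else {
    // No row yet. The user id is quoted and escaped here as well, so the
    // INSERT builds its values the same way as the SELECT and UPDATE.
    $sql = "INSERT INTO Messages(User, Message) VALUES('" . $userSql . "', '" . $setSql . "')";
}

// Perform Query
// NOTE(review): the outcome of sqlQuery() is not inspected, so the success
// text below is shown even if the write failed -- confirm how sqlQuery()
// reports errors.
sqlQuery($sql);
$statusMgs = "Your message was successfully added.";
sqlExit();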
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

  <head>
    <title>Payroll and Timesheet Management Website</title>
    <link rel="stylesheet" type="text/css" href="styles.css"/>
	<script type="text/javascript" src="pwcheck.js">
	</script>
  </head>
  <body>
  
	<?php writeHeader(); ?>
       <p> <?php echo $statusMgs; ?> </p>

</body>
</html>
	